HTTP Data Acceptedmore
The kinds of data encoding that you will accept.

text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

HTTP Character Sets Acceptedmore
The kinds of character encoding that you will accept.

Your Social Security Number

Relax: its a joke.One of my evil friends suggested I should put this here.
Shame on you Mr. Stockdale!

XXX-XX-XXXX
Digits masked by Xs for privacy

Other Stuff

There are lots of other things that can be discovered by JavaScripts that run on
web pages. Unfortunately (or fortunately, depending on you viewpoint) due to the
"browser wars" between Microsoft and Netscape, JavaScripts work differently on
different browsers. Thus it is tough to do a general-purpose page like this
that covers everything, and I have only shown a small sample of what is
possible.

Even well-intentioned, honest people can write JavaScripts and ActiveX controls to
get more info out of your computer. For example, JavaScripts can read out the
position of your mouse on the page or in a specific document, detect mouse clicks,
find out which plug-ins your browser has, etc. etc. etc.

I try to be honorable and honest, so I don't do "Port Scans" to check whether
particular ports on your computer are "Open", "Closed", or "Stealth", as this
could be interpreted as hacking. I'm such a nice guy I don't even put cookies on
your computer.

Unfortunately, not everybody is a "nice guy". People who are up to no good have
a lot of time to devote to inventing nasty tricks, and can get much more info
from browsers and Operating Systems that they target. In fact, more info than
they were intended to be able to get by those who developed the subject browsers
and operating systems. One manifestation of this is the writing of web pages,
scripts and programs of ALL kinds that have intentional errors. These
errors can, in some cases, cause your browser or operating system to do
unpredictable things. These are generally called "exploits", as they are
exploiting, for evil purposes, some problem that someone has discovered with a
given browser or operating system.

Many security experts recommend that you turn off JavaScript for casual
browsing. Of course then a lot of things won't work. Catch-22.

And then there's ActiveX, used by Windows machines (but not Macs or others) that
has been described by some security experts as the biggest security disaster
ever. But I won't go there.

Discussion

Date, Time, & Time Zone

The date and time from your computer clock and the time zone information (expressed as
minutes offset from UT (Universal Time: Standard time in Greenwich England) is shown
here. The time zone information is presented here as minutes of offset from UT with
negative values (earlier) for Time Zones West of Greenwich (0 degrees Longitude) and
positive values for Time Zones East of Greenwich. The Time Zone is not calculated from
your clock value, but is directly read from info that you entered about your time zone
when you initially set up your computer. If you have your computer set for Automatic
Daylight Savings adjustments, this is reflected in the time zone info.

The date is represented in standard ISO format: Year-month-day. Get used to it. The
Time from your computer clock is represented in 24 hour format. Your Time Zone from
UT in minutes (East +, West -).

Like your IP address, your time and time zone can be used to find your approximate
physical location. This is especially true if you live in one of those areas that is
offset by a fraction of an hour from UT.

Your Screen Resolution

Your computer's screen is a collection of picture elements (pixels) arranged in rows and columns.
The number of rows and columns in your computer's display is shown here.

Your Screen Color Depth

Each pixel on your computer screen is represented by a number of bits. The number of colors that
can be represented by each pixel is 2 raised to the power of the number of bits per pixel.

Your Browser Plugins and their File Names

Your browser has "plug-ins" or extra files to help it interpret some kinds of files, such as
Java Applets, Flash animations, PDF files, etc. Shown here are your browser's plugins and their
file names. You can find these files in your computer's file system if you do a little snooping.

Plug-ins are numbered starting from zero and that's how I show them here. Why count from zero?
Its like counting birthdays. Your zeroth birthday is the day you are born. Your
1st birthday is when you are one year old, your 2nd birthday is when you
are two years old...

Your Computer, OS, and Browser

This is the "User Agent" string defined in the specification for http: the HyperText Transport Protocol.
It is used to identify your browser to the web page so that they can make any necessary adjustments to
the page to be delivered. Lots of people use these to find out what % of their hits come from various
types of equipment. It can also be useful to "bad guys" who want to attack your computer. At present,
if this indicates you are using a Mac, you are unlikely to be attacked. In the long run, while Macs
are harder to attack (UNIX-based, no ActiveX, built in stateful firewall, oddball services off by
default, etc.) there are no guarantees...

Your IP Address

The IP address is the actual address on the internet to which your computer is connected.
Each IP packet contains a "To" address and a "from" address. The address displayed here
was captured by my server from the "from" address in the IP packet you sent to request
this page. Normally, each internet user needs an individual IP address so that
information can be uniquely returned to that user. If you are behind some kind of
shared firewall (as at many public schools) tricks are played to represent each user by
a combination of port # and IP address and the relationships appear random from outside
the firewall, but are carefully maintained inside the firewall to make sure everyone
gets the right information.Think of it as being like your "phone number" on the
internet. Unlike phone numbers, however, your ISP will generally give you a different
address each time you log on (for dial-up users) or periodically (every few days)
otherwise. You have to pay extra to always have the same IP address. The current
version of IP (Internet Protocol) is version 4, so you will often see references to
"IPv4". IPv4 addresses have 32 bits, allowing about 4 billion addresses worldwide.
These 32 bit addresses are represented as 4 decimal numbers separated by periods (or
full-stops, if you prefer). Each of the decimal numbers runs from 0 through 255, which
is the range of values that can be represented in each group of 8 bits.

Databases
and services are available that identify the ranges of IP addresses used by each
Internet Service Provider (ISP) and in which locations they are used. So any web site
operator that really wanted to know where you are physically located could probably
determine this within a few dozen kilometers. Doing this costs money, but not big
money, so you should assume that anyone running a website who really wants to know your
approximate physical location can discover this.

Your Host Name

The name connected with your IP address. This may include your IP address and
the name of your ISP. If you have any hosting services enabled on your computer, such as FTP of HTTP this can possibly be used to access your computer remotely.

Your Port #

Inside the data area of an IP packet is another packet, which in general could be either
a TCP (Transmission Control Protocol) packet or a UDP (User Data Protocol) packet. TCP
checks to see if packets were received at the far end and re-sends them if they were
lost. It also protects against accidental duplication of packets. UDP provides a more
basic service, and doesn't check for errors. Web page transactions always use TCP.

Both TCP and UDP have an additional pair of "port" numbers (destination and source),
which are 16-bit numbers (decimal values 0 through 65535) and are basically treated as
an extension of your IP address. Port numbers are assigned by the Internet Assigned
Numbers Authority (IANA) as follows:

Port 80, for example, is used on servers for incoming web page requests using
HTTP. When you request a web page you send a request "to" port 80 on the server. You
send this "from" a port on your computer which has a number at or above 49152. When the
server returns the
web page, it returns it "to" your IP address and the port number that you used for your
request. The "from" port number in this reply is 80, since you used this in your
original request.

When you request images or other info that may be on a page, each of these is requested
"from" a different port number on your computer and returned to that port by the server.
This allows you to request multiple items that make up a web page simultaneously from
the same server without your computer (or the server) being confused. Normally, port
numbers on your computer advance by one with each request until reaching 65535, at which
point the next request will jump back to around 49152.

Page Requested

When you requested this page via HTTP this is the page you requested. Note that if you requested a
directory:

http://www.bee-man.us/about_you/

you will probably see the actual page here:

http://www.bee-man.us/about_you/index.php

The "index.php" was appended to your request by my server because this is the default first page
in a directory for UNIX-based web servers. For Windows-based servers the default first page is
"default.html". If there is no default page, you will receive an index of all the documents in
that directory, if permitted by the web server. Web sites that wish to hide the contents of directories
will make sure that there is a default page in the directory, even if it is a blank page. That way nosy
people can't list directories. Some web servers don't allow retrieval of indexes of folders, and some
allow it to be configured by each web master.

The part of the URL which identifies the web site is case-insensitive. These two URLs are equivalent:

http://www.bee-man.us HTTP://WWW.BEE-MAN.US

But the part after the web site may or may not be case-sensitive, depending on the server. My hosting
company (ICDsoft) uses UNIX-based servers and so the following are NOT equivalent:

http://www.bee-man.us/about_you
http://www.bee-man.us/ABOUT_YOU

If you try to point your browser to the one with caps, you will get a "404" (page not found).

Referrer

If you clicked on a link on another page which sent you here, the URL of that page will be here,
if your browser is set up to provide this information. If you got here by typing in the URL or
using a bookmark, then this should be blank.

HTTP Request Method

The HTTP protocol has a number of methods that are built in. The most common is "GET" which is
intended to "GET" a web page or other info. If you are returning info to the web page (e.g., posting
to a forum, filling out a form) your browser would
use "POST" or "PUT". Other methods include "HEAD" which requests only the headers (your browser does
this invisibly to see if the page contents are the same as what it has stored from the last time you
visited that page), "DELETE", "LINK", and "UNLINK", which are not generally used (and will not work!)
for ordinary users.

Query String

The query string is everything after the question mark "?" in the page URL. The
exception to this is that the first "#" character and everything after it is not included in
the Query String, as this represents an internal link within a page, and not a Query String.

Since you probably didn't put a question mark in the URL when you requested this page, this
will be blank. To see what would happen if you did, go to the address field in your browser
and type (or copy and paste):

http://www.bee-man.us/about_you?gandalf

When you do this, and refresh the page, you should see "gandalf" as the query string.

This is often used as a trivial way to send data to web sites without the hassle of using the PUT or
POST methods of HTTP. Yahoo's stock quotes work this way. I have placed a link below to get
stock price quotes from Yahoo for Apple Computer (aapl), ibm (ibm) and Microsoft (msft) using
their respective ticker symbols:

Click the link to see what happens. As you can see from the above, the query string for this request is:

s=aapl+ibm+msft&d=v1

Some characters, such as space and any other characters outside the range 33-127
(decimal), need to be encoded specially. This is done because URLs are limited to
certain characters, and characters that are not allowed are encoded as a "%" sign
followed by two hexadecimal (base 16) digits indicating the character number. Space is
ASCII character number 32, which is 20 in hexadecimal (two 16s and no ones) and so is
encoded as "%20. This of course implies that the "%" character (ASCII 37) must itself
be encoded as "%25", or else ambiguities will arise. For example, if you didn't always
encode "%" signs, the characters "%20" would be the encoding of both "%20" and "% "
(percent space). In actuality you would encode "% " as %25%20" and you would encode
"%20" as %2520". When working with computers and data, ambiguities are deadly.

Query Strings can interact with caches. Many web pages are cached (stored locally) by your ISP.
This is done to avoid continually retrieving popular but distant web sites over expensive long links.
When you request such a page it is served from the ISPs cache, not from the site itself.

Sophisticated web sites have info in the HTTP headers of their site about when the site
was last refreshed and when the next update is to be expected. These headers are very
small compared to the size of the pages themselves. This allows the ISP to check these
headers periodically so that they know when changes occur. This means that you almost
always get an up-to-date page, despite caching. It also means that things like
web-site hit counters are often not accurate, since many site views don't actually go
to the site.

Obviously, web sites which depend on information from you, like Yahoo's stock quotes,
cannot be cached. To do so reliably would require the ISP to have access to all of the
databases and program logic on the site. This is almost never possible, as many of
these items are proprietary. To allow for this, if the URL for a page contains a "?"
(unless it is immediately followed by a "#") the request will bypass any caches in the
path and go directly to the web site. This can be useful when you know that a site
should have been updated and you keep getting an old copy. Just put a "?" at the end of
the URL. Don't abuse this knowledge!

Encoding Methods

These are the encoding methods for data that your browser accepts. It usually includes ZIP
(gzip) and others such as "deflate" and "identity", but may be blank, indicating that anything goes.

Sometimes there are multiple ways to encode something, and in that case a
method for encoding preferences is used. Your first preference is the first item. Lower preferences
are comma delimited and show order of preference with a "q" value (0 to .99). Highest "q" value is most
preferred option. After the first item, the order of appearance is not important. Only the "q" values
matter. For example, my browser shows the following preferrences:

gzip, deflate;q=1.0, identity;q=0.5, *;q=0

That means that gzip and deflate are preferred, identity is acceptable and everything else (asterisk) is
not accepted.

"q" coding is also used for indicating other preferences, including for Language, Data Types, and
Character Sets.

Languages

Languages you will accept with preference indicated.
Your first preference is the first item. (language
optionally followed by national variant indicator).
Lower preferences are comma delimited and show order of
preference with the "q" value (0 to .99) Highest "q" value
is most preferred.

The list of languages and their codes is maintained by the Internet Assigned Numbers Authority
at Iana Language Subtag Registry.
Unfortunately, the names of the languages are the English names only. Thus to find Spanish you would
look for "Spanish", rather than Espanol. Case (capitalization) is not significant. Thus ES, Es, eS, and es
all refer to Spanish. IETF RFC3066
Tags for the Identification of Languages sets out the rules for usage.

After the language identifier there can be a national variant identifier. Thus English as spoken in
the UK would be identified as en-gb (or unofficially as en-uk as per the TLD code for the UK) and
as spoken in the United States would be en-us. The official list
of Country names is kept by the International Standards Organization,
English country names and code elements. The list of country names used as Internet suffixes is kept
by IANA IANA ccTLD Database. Sometimes these are used for national sub-identifiers
instead of the official ISO ones. An example would be en-uk, since the UK has two internet TLDs: uk and gb.

Some web pages have multiple languages available, and
will give you the highest prioroity one in your list
that they have available.

The top ones on my Safari browser (most preferred first) are:

en-us

English: US variant

en;q=0.97

Generic English: any version

es-es;q=0.93

Spanish: Spanish variant

es;q=0.90

Generic Spanish: any version

HTTP Data Accepted

The kinds of data encoding that you will accept. Preferences are expressed in "q" code as above.
Examples include text/plain, text/xml, text/html, etc. "q"
values indicate preference.
"/", asterisk, or blank means data of any type will
be accepted. For example my Firefox browser gives the following:

The kinds of character encoding that you will accept.
Examples include ISO-8859-1,utf-8, etc. "q" values indicate
preference.
"/", asterisk, or blank means characters of any type will
be accepted. My FireFox browser indicates the following:

ISO-8859-1,utf-8;q=0.7,*;q=0.7

Request Protocol

Since you are requesting a web page, this will be some version of HTTP (Hyper Text Transfer Protocol,
almost certainly HTTP 1.1. In the original version of HTTP, each web page had a different IP address.
This became a problem as the internet grew because since each user needs a unique IP address, and each
web site in HTTP/1.0 needed a unique IP address, the possibility existed that the pool of available
IP addresses could be exhausted. HTTP/1.1 made a number of improvements, including allowing a potentially
unlimited number of web sites to be hosted on one server (or server complex) at a single IP address. This
was a big help to web hosting companies, who were exhausting their own limited supply of IP addresses.

HTTP Connection type

There are two kinds of HTTP connection: "keep-alive" (the default), and "close". A "close" connection
closes (is disconnected) once the object you have requested has been delivered and confirmed as received.
A "keep-alive" connection stays open in case you request more information. This saves server resources,
as creating a new TCP connection (the protocol over which HTTP is carried) involves considerable work
and resources, so it is worth while from the server point of view to minimize this. Of course, idle
connections will eventually be closed, but probably not for several minutes. If they are continually
used, they will stay open for quite a while.

Read More

All of the information required to duplicate this page (or expand on it!) is available publicly from various places on the internet. Below are links to and descriptions ofsome sites that I think are good and authoritative ones. Of course I am not responsible for what they post, or what their sites may do. Hey, its the Internet!

The best guide to securing your computer. Read it, believe it, do it.
Guides are available for most common computers and
Operating Systems (Mac, Solaris, Windows). And best of all, the price is right
(free, the only right price).

Internet Engineering Task Force (IETF)
This is the organization that defines the basic protocols of the Internet. All
of the standards are posted on their web site and are freely available.
Their documents are not tutorials! Some can be incredibly difficult to
understand. But they are the official documents.

That means that although it is copyrighted, it is intended for you to use for education or entertainment. Unlike a lot of my pages, you can't realistically copy this one, as it relies heavily on PHP scripts on my server which you can't access. Nevertheless, the small amount of JavaScript near the top of the page (Date, Time, Timezone, Screen Resolution, and Screen Color Depth) should work if you copy this to your hard drive. Feel free to do so.

I make NO guarantee of any kind.
This page may contain serious errors.
Use this page entirely at your own risk!

You did not see this. Your eyes are growing heavy. You will scroll up and remember nothing...